List of applications/Security

For detailed guides, see the main ArchWiki page, Security.

Network security

See also Wikipedia:Comparison of packet analyzers.

• airgeddon — Multi-use bash script to audit wireless networks

https://github.com/v1s1t0r1sh3r3/airgeddon || airgeddon^AUR

• Arpwatch — Tool that monitors ethernet activity and keeps a database of Ethernet/IP address pairings.

https://ee.lbl.gov/ || arpwatch

• bettercap — Swiss army knife for network attacks and monitoring.

https://www.bettercap.org/ || bettercap

• darkstat — Captures network traffic, calculates statistics about usage, and serves reports over HTTP.

https://unix4lyfe.org/darkstat/ || darkstat

• dsniff — Collection of tools for network auditing and penetration testing.

https://www.monkey.org/~dugsong/dsniff/ || dsniff

• EtherApe — Graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.

https://etherape.sourceforge.io/ || etherape

• Ettercap — Multipurpose Network sniffer/analyser/interceptor/logger.

https://ettercap.github.io/ettercap/ || CLI: ettercap, GUI: ettercap-gtk

• GNOME Network Tools — GNOME interface for various networking tools.

https://gitlab.gnome.org/GNOME/gnome-nettool || gnome-nettool

• hping — Command-line oriented TCP/IP packet assembler/analyzer.

http://hping.org/ || hping

• IPTraf — Console-based network monitoring utility.

https://sourceforge.net/projects/iptraf-ng/ || iptraf-ng

• jnettop — top-like console network traffic visualizer.

https://sourceforge.net/projects/jnettop/ || jnettop

• justniffer — Network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic.

https://justniffer.sourceforge.net/ || justniffer^AUR

• Kismet — 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.

https://www.kismetwireless.net/ || kismet

• LinSSID — Graphical wireless scanner.

https://sourceforge.net/projects/linssid/ || linssid

• Nemesis — Command-line network packet crafting and injection utility.

https://nemesis.sourceforge.net/ || nemesis^AUR

• Net Activity Viewer — Graphical network connections viewer, similar in functionality with Netstat.

https://netactview.sourceforge.net/ || netactview^AUR

• netsniff-ng — High performance Linux network sniffer for packet inspection.

http://netsniff-ng.org/ || netsniff-ng

• ngrep — grep-like utility that allows you to search for network packets on an interface.

https://github.com/jpr5/ngrep || ngrep

• Nmap — Security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network.

https://nmap.org/ || CLI: nmap, GUI: zenmap^AUR

• Ntop — Network probe that shows network usage in a way similar to what top does for processes.

https://www.ntop.org/ || ntop^AUR

• pyNeighborhood — GTK-based SMB/CIFS browsing utility.

https://launchpad.net/pyneighborhood || pyneighborhood^AUR

• Smb4K — Advanced network neighborhood browser and Samba share mounting utility for KDE.

https://apps.kde.org/smb4k/ || smb4k

• Snort — Network intrusion prevention and detection system.

https://www.snort.org/ || snort^AUR

• Spectools — A set of utilities for spectrum analyzer hardware including Wi-Spy devices.

https://www.kismetwireless.net/static/spectools/ || spectools^AUR

• Sshguard — Daemon that protects SSH and other services against brute-force attacks, similar to Fail2ban.

https://www.sshguard.net/ || sshguard

• ssh-audit — SSH configuration auditing.

https://github.com/jtesta/ssh-audit/ || ssh-audit

• Suricata — High performance Network IDS, IPS and Network Security Monitoring engine.

https://suricata-ids.org/ || suricata^AUR

• Tcpdump — Common console-based packet analyzer that allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network.

https://www.tcpdump.org/ || tcpdump

• vnStat — Console-based network traffic monitor that keeps a log of network traffic for the selected interfaces.

https://humdi.net/vnstat/ || vnstat

• What IP — Small GTK application to get info on your IP.

https://gabmus.gitlab.io/whatip/ || whatip^AUR

• Wireshark — Network protocol analyzer that lets you capture and interactively browse the traffic running on a computer network.

https://www.wireshark.org/ || CLI: wireshark-cli, GUI: wireshark-qt

• Xplico — Network forensics analysis tool (NFAT), which is a software that reconstructs the contents of acquisitions performed with a packet sniffer.

https://www.xplico.org/ || xplico^AUR

• Zeek — Powerful network analysis framework that is much different from the typical IDS you may know.

https://zeek.org/ || zeek^AUR

Firewall management

See iptables#Front-ends and nftables#Front-ends.

Threat and vulnerability detection

• AFICK — Security tool that allows to monitor the changes on your file systems, and so can detect intrusions.

https://afick.sourceforge.net/ || afick^AUR

• Chipsec — a framework for analyzing platform level security of hardware, devices, system firmware, low-level protection mechanisms, and the configuration of various platform components.It contains a set of modules, including simple tests for hardware protections and correct configuration, tests for vulnerabilities in firmware and platform components, security assessment and fuzzing tools for various platform devices and interfaces, and tools acquiring critical firmware and device artifacts.

https://chipsec.github.io/ || chipsec-git^AUR, chipsec-dkms-git^AUR

• Lynis — Security and system auditing tool to harden Unix/Linux systems.

https://cisofy.com/lynis/ || lynis

• Metasploit Framework — An advanced open-source platform for developing, testing, and using exploit code.

https://www.metasploit.com/ || metasploit

• Nessus — Comprehensive vulnerability scanning program.

https://www.tenable.com/products/nessus || nessus^AUR

• OpenVAS — Framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. FOSS Nessus fork.

https://www.openvas.org/ || openvas-scanner^AUR

• OSSEC — Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

https://ossec.net/ || ossec-hids-local^AUR, ossec-hids-server^AUR, ossec-hids-agent^AUR

• OWASP ZAP — Web application security scanner.

https://www.zaproxy.org/ || zaproxy

• Samhain — Host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.

https://www.la-samhna.de/samhain/index.html || samhain-client^AUR, samhain-server^AUR, samhain-standalone^AUR

• Tiger — Security tool that can be used both as a security audit and intrusion detection system.

https://www.nongnu.org/tiger/ || tiger^AUR

• Tripwire — Intrusion detection system.

https://github.com/Tripwire/tripwire-open-source || tripwire-git^AUR

File security

• AIDE — File and directory integrity checker.

https://aide.github.io || aide^AUR

• Logwatch — Customizable log analysis system.

https://sourceforge.net/projects/logwatch/ || logwatch

Anti malware

• ClamAV — Open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.

https://www.clamav.net/ || clamav

• ClamTk — Graphical front-end for ClamAV using Perl and Gtk libraries. It is designed to be an easy-to-use, lightweight, on-demand antivirus scanner for Linux systems.

https://gitlab.com/dave_m/clamtk/ || clamtk, Nautilus plugin: clamtk-gnome^AUR, Thunar plugin: thunar-sendto-clamtk^AUR

• Linux Malware Detect — Malware scanner designed around the threats faced in shared hosted environments.

https://www.rfxn.com/projects/linux-malware-detect/ || maldet^AUR

• Rootkit Hunter — Checks machines for the presence of rootkits and other unwanted tools.

https://rkhunter.sourceforge.net/ || rkhunter

• Hostsblock — A script that downloads, sorts, and compiles multiple ad- and malware-blocking hosts files.

https://gaenserich.github.io/hostsblock/ || hostsblock^AUR

Screen lockers

See also Session lock.

• betterlockscreen — i3lock-color wrapper. Betterlockscreen allows you to cache images with different filters and lockscreen with blazing speed.

https://github.com/pavanjadhaw/betterlockscreen || betterlockscreen^AUR

• Cinnamon Screensaver — Screen locker for the Cinnamon desktop.

https://github.com/linuxmint/cinnamon-screensaver || cinnamon-screensaver

• Deepin Screensaver — A lightweight Qt5 based screensaver.

https://github.com/linuxdeepin/deepin-screensaver || deepin-screensaver

• i3lock — A simple screen locker. Provides user feedback and uses PAM authentication. The background can be set to an image or solid color.

https://i3wm.org/i3lock/ || i3lock

• i3lock-blur — Fork of i3lock which can use your desktop with the blur effect applied as a background.

https://github.com/karulont/i3lock-blur || i3lock-blur^AUR

• i3lock-color — Fork of i3lock with color and positioning configuration support and can use your desktop with the blur effect applied as a background.

https://github.com/Raymo111/i3lock-color || i3lock-color^AUR

• Light-locker — A simple locker (forked from gnome-screensaver) that aims to have simple, sane, secure defaults and be well integrated with the desktop while not carrying any desktop-specific dependencies. It relies on LightDM for locking and unlocking your session via ConsoleKit/UPower or logind/systemd.

https://github.com/the-cavalry/light-locker || light-locker

• MATE Screensaver — Screensaver and locker for MATE Desktop Environment.

https://github.com/mate-desktop/mate-screensaver || mate-screensaver

• physlock — Screen and console locker.

https://github.com/muennich/physlock || physlock

• sflock — Simple screen locker utility for X, based on slock. Provides a very basic user feedback.

https://github.com/benruijl/sflock || sflock-git^AUR

• slock — Very simple and lightweight X screen locker. Offers only a black background when locked, there are no animations or text fields.

https://tools.suckless.org/slock/ || slock

• tsscreenlock — Screen locker used in theShell. Shows music controls, and if used with theShell, also shows desktop notifications.

https://github.com/vicr123/tsscreenlock || tsscreenlock^AUR

• vlock — TTY locker. A mirror of the original vlock is available at github.

https://kbd-project.org/ || kbd

• xfce4-screensaver — A screen saver and locker that aims to have simple, sane, secure defaults and be well integrated with the xfce desktop.

https://git.xfce.org/apps/xfce4-screensaver/about/ || xfce4-screensaver

• xlockmore — Simple X11 screen lock with PAM support.

https://sillycycle.com/xlockmore.html || xlockmore

• XScreenSaver — Screen saver and locker for the X Window System.

https://www.jwz.org/xscreensaver/ || xscreensaver

• XSecureLock — X11 screen lock utility designed with the primary goal of security.

https://github.com/google/xsecurelock || xsecurelock

• xtrlock — Very lightweight X display locker. Keeps windows visible and displays lock icon instead of mouse cursor. Typing password followed by enter unlocks the screen.

https://packages.debian.org/sid/xtrlock || xtrlock

• swaylock — Screen locker for Wayland.

https://github.com/swaywm/swaylock || swaylock

• swaylock-effects — Swaylock, with fancy effects.

https://github.com/jirutka/swaylock-effects || swaylock-effects-git^AUR

• gtklock — GTK-based lockscreen for Wayland.

https://github.com/jovanlanik/gtklock || gtklock

Password auditing

• John the Ripper — Password cracker.

https://www.openwall.com/john || john

• Hashcat — Multithreaded advanced password recovery utility.

https://hashcat.net/hashcat || hashcat

Password managers

Cryptography

Privilege elevation

• doas — A portable version of OpenBSD's doas command, known for being substantially smaller in size compared to sudo while pursuing the same goal of running commands as root or another user.

https://github.com/Duncaen/OpenDoas || opendoas

• pkexec(1) — A Polkit application that allows an authorized user to run commands or an interactive shell as another user. Configured using Polkit rules.

https://gitlab.freedesktop.org/polkit/polkit/ || polkit

• polkit-fakesudo — A wrapper for polkit that emulates sudo.

https://github.com/Aleksanaa/polkit-fakesudo || polkit-fakesudo^AUR

• run0(1) — An alternative invocation of systemd-run(1) to temporarily and interactively acquire elevated or different privileges. Does not rely on SetUID and SetGID. Uses Polkit for authentication.

https://systemd.io/ || systemd

• su — Command used to assume the identity of another user on the system.

https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/about/ || util-linux

• sudo — Command to delegate the ability to run commands as root or another user while providing an audit trail.

https://www.sudo.ws/sudo/ || sudo